|
| From: | adanskana |
| Subject: | Re: xz backdoor |
| Date: | Tue, 02 Apr 2024 16:29:09 +0800 |
I mentioned this on the guix XMPP server. Thanks for fixing this!There's actually suspicious code by the xz attacker in one of our packages right now: https://issues.guix.gnu.org/issue/70113 Please help review that patch!as for gpaste (one of the dependees of libarchive): it doesn't build since the recent gnome merge. i've filed a patch for the necessary version bump: https://issues.guix.gnu.org/70133 which also gets rid of the libarchive dependency.
I used gpaste up until the merge and went to use the extension. I had absolutely no idea this was the state of things; that is very worrying. I'm keen to see your patch fasttracked - you're not the only user, haha!it would be nice to get this fast tracked. although, judging from the (lack of) complaints, i might be the only user of it. PS: and meanwhile we're packaging an alternative, namely gnome-shell-extension-clipboard-indicator, with an enormous security flaw: by default it saves the clipboard history in clear text, and calls the feature "cache only favorites", so that even if you look for it, you still don't realize it: https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator/issues/138#issuecomment-904689439 ...and its author actively defends this situation.
--• attila lendvai • PGP: 963F 5D5F 45C7 DFCD 0A39 -- “The noble-minded are calm and steady. Little people are forever fussing and fretting.” — Confucius (551–479 BC), 'Analects of Confucius'
| [Prev in Thread] | Current Thread | [Next in Thread] |